Optimizing Windows 7 Deployment with MDOP

Windows® 7 (and Windows Server® 2008 R2) will cause
significant changes in many corporate information technology (IT) environments.
Companies must determine the readiness of their environments and applications
for Windows 7. Part of that process is to manage application inventories and to
mitigate compatibility issues. After deploying the new operating systems,
companies must troubleshoot any issues and then manage the new configurations.

The Microsoft®
Desktop Optimization Pack (MDOP) for Software Assurance (SA) can help
organizations to reduce the cost of application deployment, to deliver
applications as services, and to manage desktop configurations. Together, the
MDOP applications can give SA customers a highly cost-effective and flexible
solution for deploying and managing desktop computers.

A Windows 7 deployment is a good time to implement
technologies such as MDOP. Organizations can take advantage of the people,
processes, and technologies that are already engaged in the operating system
rollout to deploy these technologies; in turn, MDOP can help to ease the time,
cost, and effort of the operating system rollout.

This article will help IT pros to understand the value of
MDOP in a Windows 7 rollout. The article describes the challenges that
customers often face before, during, and after desktop deployment. It also
describes how MDOP can help overcome many of these challenges.

Asset Management

Rolling out Windows 7 begins with deployment planning. The
first step is to collect and rationalize an application inventory.
Rationalization of the inventory is the process of categorizing applications
and removing duplicate, unnecessary, and unwanted applications. Rationalizing
the application inventory includes prioritizing applications.

Rationalizing the application inventory can help to put a
Windows 7 deployment project on the path to success. Rationalization helps to
plan and prioritize the application-testing effort. The process also helps to
determine how to handle applications that have compatibility issues with
Windows 7. Additionally, rationalization helps to reduce the number of
applications that you must deploy and manage.

By implementing Microsoft Asset Inventory Service (AIS)
before starting a Windows 7 rollout, an organization can get a comprehensive
view of the software that is installed in its environment. AIS is an MDOP
application that can help a company to understand which applications are
running on its network, as well as the usage patterns of those applications, so
that the company can better prioritize those applications. AIS can help
companies sort those applications that require no mitigation from the
applications that do. In short, AIS translates the application inventory into
actionable and useful information.

Application Compatibility

By the time deployment begins, the inventory should be
rationalized. Companies can use the inventory to drive the
application-compatibility testing and mitigation process. Most popular
applications are compatible with Windows 7 and do not require mitigation.
Because Windows 7 is based on the Windows Vista® foundation, most applications
that work with Windows Vista will work with Windows 7. However, applications
that work with the operating system at a very low level, such as antivirus and
disk utilities, will probably require updates.

Microsoft continuously monitors and validates application
compatibility. Microsoft has built a comprehensive list of the most widely used
business applications and has tested those applications continuously throughout
the product cycle. Microsoft made significant investments in the ecosystem, to
help independent software vendors (ISVs) produce compatible applications. These
investments were in training, tools, and testing.

The few applications that might not be compatible with
Windows 7 include untested and internally developed line of business (LOB)
applications. Microsoft has made significant investments in tools to help
customers evaluate the compatibility of these applications. These tools include
the Windows 7 Upgrade Advisor and Microsoft Application Compatibility Toolkit
(ACT). Mitigating compatibility issues with LOB applications can be the most
time-consuming part of a deployment. Compatibility problems can sometimes block
operating system deployment altogether.

Compatibility issues do not necessarily mean a block to
deployment, however. For issues that cannot be mitigated through use of ACT,
desktop virtualization can be a viable alternative. Virtualization can help
companies to move forward with Windows 7 deployment, by providing a safety net
for compatibility. This approach provides an environment in which to run
applications that have known compatibility issues. Microsoft provides desktop
virtualization in two forms: Windows XP Mode and Microsoft Enterprise Desktop
Virtualization (MED-V).

For businesses that have only a few PCs, Windows XP Mode is
a good solution. It provides a virtual Windows XP environment that can run many
Windows XP–compatible
business-productivity applications. Windows XP Mode provides a seamless
experience when running Windows XP–compatible applications in Windows 7.
For example, users see these applications on the desktop as though the
applications were running in Windows 7. They can open files, print, and use USB
devices as though the applications were running in Windows 7—when in reality,
the applications are running in a virtual Windows XP environment.

MED-V, a benefit of MDOP, is a solution for larger
organizations. MED-V can remove compatibility barriers to Windows 7 adoption.
The solution provides the benefits of Windows XP Mode with the management that
IT needs. IT can centrally create, test, deliver, and maintain virtual images.
MED-V helps to manage the entire lifecycle of virtual machines throughout the
enterprise. Additionally, MED-V includes usage policies and data-transfer
controls, such as authorization, expiration, and Web browser redirection. Like
Windows XP Mode, MED-V gives users a seamless experience. They are unaware that
applications are running in virtual machines.

Application Management

As part of the rationalization process, companies determine
how to deploy each application. Of course, they fine tune these decisions
during compatibility testing and mitigation. In some cases, organizations
choose to deploy an application by using desktop virtualization. They will
deploy the remaining applications to the Windows 7 desktop.

There are essentially two thoughts on deploying applications
for Windows 7: thick imaging and thin imaging. Each has unique advantages and
disadvantages.

Thick images include applications in a custom Windows 7
image that is quick to deploy. However, this image can be large and difficult
to move around, and it uses a lot of bandwidth. Image maintenance is
challenging because companies must install, update, and recapture the image to
update applications. There is also a limit to the number of times that you can
run Sysprep on an image, after which the image must be completely rebuilt.
Another disadvantage of thick images is that image count tends to go up as
different groups within the company have different application requirements. As
a result, testing effort increases dramatically as the groups add images to the
library.

Thin imaging is a best practice for deploying the Windows
operating system. Thin images include the minimum required applications, if
any. For example, the images might contain no applications at all or simply the
bare minimum security applications. After deploying thin images, companies
deploy applications to each PC. Thin images significantly reduce image
maintenance in response to application updates, because the applications are
not in the image. Thin images also reduce image count because far fewer unique
images are required. Many companies have reduced their image count to a single
Windows 7 image. As a result, testing effort is dramatically decreased, not
only because of the low image count but also because thin images are much
simpler than thick ones.

For businesses that are in the process of deploying Windows
7, the choice between thick and thin images is particularly timely. Tools such
as the Microsoft Deployment Toolkit 2010 and Microsoft System Center Configuration
Manager R2 can help companies to adopt thin imaging more easily.

Making Microsoft Application Virtualization (App-V)—which
is another benefit of MDOP—part of the company deployment strategy can make adopting
thin imaging even easier. App-V provides applications as a network service.
This solution streams applications on demand, without actually installing them
on the PC. App-V is perfectly geared to reducing image size and count.
Additionally, it pays dividends down the line, by streamlining application
updates and management. Updating and managing applications is also easier and
less disruptive to the user, and retiring an application does not require it to
be uninstalled.

Group Policy Management

Beginning with the early planning stages and continuing
through deployment, companies are usually thinking about how to manage Windows
7 after they roll it out to production.

Deploying Windows 7 is only the beginning. Of course, Group
Policy is an essential way in which businesses manage their PCs. Windows 7
provides many new Group Policy settings to give businesses finer control of security
and compliance on the desktop PCs in their environments. For example, settings
such as AppLocker make controlling application usage easier. Most companies
will want to take advantage of these new settings.

By itself, however, Group Policy does not help companies
manage Group Policy Objects (GPOs). Group Policy does not provide any sort of
role-based workflow. Large environments can be complex, with hundreds of GPOs.
Often, different people edit different GPOs, with no formal edit, review,
approval, and deployment processes. Administrators cannot edit GPOs without
affecting the production environment and cannot easily roll back GPOs when they
fail. Group Policy, by itself, does not provide control of authoring and
deployment.

Companies will likely work with Group Policy after deploying
Windows 7, so they can use this opportunity to take control of it. Another part
of MDOP, Microsoft Advanced Group Policy Management (AGPM), adds the missing
role-based delegation model to Group Policy. By using AGPM, companies can
delegate reviewer, editor, and approver roles per domain or per GPO. AGPM
provides a Group Policy workflow. Administrators can author and test GPOs
offline, in a test lab, and can easily move approved GPOs into production. AGPM
provides version control for GPOs and allows for quick rollback of failed GPOs.
AGPM makes managing GPOs in a complex environment easier by providing features
such as filtering and searching.

Troubleshooting

Even after all the effort in planning and developing the
perfect Windows 7 rollout, things do occasionally go wrong. Monitoring desktop
PCs during deployment can help companies anticipate and identify problems
before they escalate. For example, companies can identify a common failure and
update the application, mitigate the compatibility issue, post recovery
instructions on the intranet, and troubleshoot the root cause.

In MDOP, Microsoft System Center Desktop Error Monitoring
(DEM) can help organizations monitor their environments for failures. DEM is an
agentless monitoring system that is easy to deploy by using a single GPO. Using
DEM, companies can identify the probable cause and probable resolution of each
failure. The net result is a more-stable and more-reliable desktop environment.
DEM enables companies to be proactive in identifying applications that might
fail.

Deploying DEM before deploying Windows 7 can help companies
to measure the before-and-after effects of the deployment. First, the company
captures baseline data that describes application and system stability before
deploying Windows 7. After deploying Windows 7, the company compares current
metrics against the baseline data, to measure the impact of the deployment.

Every company that rolls out Windows 7 will troubleshoot the
individual and isolated issues that inevitably occur with any deployment. A
computer that does not start, a system failure that is caused by a device
driver, or a user who accidentally deletes files are examples of common issues.
Windows 7 does provide troubleshooting tools such as the Windows
Troubleshooting Platform, but these tools do not help companies diagnose
more-severe issues.

Microsoft Diagnostics and Recovery Toolset (DaRT) is another
MDOP application that can help companies troubleshoot desktop PCs. With DaRT,
organizations can recover PCs that will not start. Administrators can remove
bad device drivers and services that prevent systems from starting. DaRT
includes tools that help troubleshoot varieties of other problems, too. The
result can be quicker recovery and reduced downtime and data loss.

You can learn more about DEM and DaRT through the following
resources:

Perfect Timing

A Windows 7 deployment is the perfect time to deploy the
MDOP. First, MDOP can help companies plan for deployment by using the AIS to create
and to help rationalize an application inventory.

MDOP can even ease the time and effort of performing the
deployment. By using App-V, companies can reduce the cost of deployment by
reducing image size and count. They can also reduce the impact of deployment by
using tools such as MED-V to support Windows XP–compatible
business-productivity applications that are not compatible with Windows 7.

After deployment, MDOP can help companies provide more
responsive support. Organizations can use DEM to help improve post-deployment
stability and reliability. Additionally, companies can use DaRT to quickly
troubleshoot and recover PCs that fail.

For companies that are planning to deploy Windows 7, now is
the time to consider MDOP. These organizations are already geared up for a
major rollout and are in the mindset for change. They can incorporate the tools
that this article describes to help optimize that process. For more
information, see Microsoft Desktop
Optimization Pack.